Refactor
@@ -3,59 +3,61 @@ let
|
||||
version = "31";
|
||||
serverCfg = config.syscfg.server;
|
||||
in {
|
||||
sops = true;
|
||||
db = true;
|
||||
paths = [{
|
||||
path="${serverCfg.path.config}/nextcloud";
|
||||
owner = "33:33";
|
||||
mode = "0755";
|
||||
}];
|
||||
|
||||
containers = {
|
||||
server = builder.mkContainer {
|
||||
subdomain = containerCfg.subdomain;
|
||||
image = "nextcloud:${version}";
|
||||
port = 80;
|
||||
secret = name;
|
||||
extraEnv = {
|
||||
REDIS_HOST = builder.host;
|
||||
POSTGRES_HOST = builder.host;
|
||||
POSTGRES_USER = "nextcloud_user";
|
||||
POSTGRES_DB = "nextcloud_db";
|
||||
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
|
||||
NEXTCLOUD_TRUSTED_DOMAINS = "${containerCfg.subdomain}.${serverCfg.domain} nextcloud-server";
|
||||
SMTP_HOST = serverCfg.mail.server;
|
||||
SMTP_NAME = "mail_user";
|
||||
SMTP_PASSWORD = "mail_password";
|
||||
MAIL_FROM_ADDRESS = "${containerCfg.subdomain}@${serverCfg.domain}";
|
||||
MAIL_DOMAIN = serverCfg.mail.domain;
|
||||
TRUSTED_PROXIES = "10.10.0.0/16 192.168.0.0/16";
|
||||
NEXTCLOUD_DATA_DIR = "/var/www/html/data";
|
||||
};
|
||||
extraLabels = {
|
||||
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "sts_headers,${containerCfg.subdomain}-caldav";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.permanent" = "true";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.regex" = "https://(.*)/.well-known/(?:card|cal)dav";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.replacement" = "https://$1/remote.php/dav";
|
||||
"traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000";
|
||||
"traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true";
|
||||
};
|
||||
extraOptions = [
|
||||
"--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
|
||||
];
|
||||
overrides = {
|
||||
ports = if containerCfg.port!=null then [ "${toString containerCfg.port}:80" ] else [];
|
||||
volumes = [
|
||||
"${serverCfg.path.config}/nextcloud:/var/www/html"
|
||||
"${serverCfg.path.cloud}:/var/www/html/data"
|
||||
];
|
||||
};
|
||||
};
|
||||
requires = {
|
||||
secrets = [ name ];
|
||||
databases = [ name ];
|
||||
};
|
||||
|
||||
setup = {
|
||||
trigger = "server";
|
||||
script = pkgs.writeShellScript "setup" ''
|
||||
runtime = {
|
||||
paths = [{
|
||||
path="${serverCfg.path.config}/nextcloud";
|
||||
owner = "33:33";
|
||||
mode = "0755";
|
||||
}];
|
||||
|
||||
containers = {
|
||||
server = builder.mkContainer {
|
||||
tmpfs = true;
|
||||
subdomain = containerCfg.subdomain;
|
||||
image = "nextcloud:${version}";
|
||||
port = 80;
|
||||
secret = name;
|
||||
extraEnv = {
|
||||
REDIS_HOST = builder.host;
|
||||
POSTGRES_HOST = builder.host;
|
||||
POSTGRES_USER = "nextcloud_user";
|
||||
POSTGRES_DB = "nextcloud_db";
|
||||
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
|
||||
NEXTCLOUD_TRUSTED_DOMAINS = "${containerCfg.subdomain}.${serverCfg.domain} nextcloud-server";
|
||||
SMTP_HOST = serverCfg.mail.server;
|
||||
SMTP_NAME = "mail_user";
|
||||
SMTP_PASSWORD = "mail_password";
|
||||
MAIL_FROM_ADDRESS = "${containerCfg.subdomain}@${serverCfg.domain}";
|
||||
MAIL_DOMAIN = serverCfg.mail.domain;
|
||||
TRUSTED_PROXIES = "10.10.0.0/16 192.168.0.0/16";
|
||||
NEXTCLOUD_DATA_DIR = "/var/www/html/data";
|
||||
};
|
||||
extraLabels = {
|
||||
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "sts_headers,${containerCfg.subdomain}-caldav";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.permanent" = "true";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.regex" = "https://(.*)/.well-known/(?:card|cal)dav";
|
||||
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.replacement" = "https://$1/remote.php/dav";
|
||||
"traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000";
|
||||
"traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true";
|
||||
};
|
||||
overrides = {
|
||||
ports = if containerCfg.port!=null then [ "${toString containerCfg.port}:80" ] else [];
|
||||
volumes = [
|
||||
"${serverCfg.path.config}/nextcloud:/var/www/html"
|
||||
"${serverCfg.path.cloud}:/var/www/html/data"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
setup = {
|
||||
trigger = "server";
|
||||
script = pkgs.writeShellScript "setup" ''
|
||||
# Define the command wrapper
|
||||
OCC="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.domain} -u www-data nextcloud-server php occ"
|
||||
|
||||
@@ -189,8 +191,9 @@ in {
|
||||
$OCC db:add-missing-indices --no-interaction
|
||||
|
||||
echo "Completed Setup"
|
||||
'';
|
||||
};
|
||||
'';
|
||||
};
|
||||
|
||||
cron = [ "*/5 * * * * root ${pkgs.podman}/bin/podman --events-backend=none exec -u www-data nextcloud-server php -f /var/www/html/cron.php" ];
|
||||
cron = [ "*/5 * * * * root ${pkgs.podman}/bin/podman --events-backend=none exec -u www-data nextcloud-server php -f /var/www/html/cron.php" ];
|
||||
};
|
||||
}
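Review bot: The new `tmpfs = true;` in the server container replaces the explicit `extraOptions = [ "--tmpfs=/tmp:rw,noexec,nosuid,size=512m" ]` that the old side carried, so the noexec/nosuid mount flags and the 512m size cap now depend entirely on what `builder.mkContainer` emits for that flag, which is not visible in this hunk; please confirm the builder still applies them, and record the expectation next to the flag, e.g. `# tmpfs = true: builder must mount /tmp with rw,noexec,nosuid,size=512m (was explicit in extraOptions)`. `AUTHENTIK_POSTGRESQL__SSLMODE = "disable"` is kept in a Nextcloud container's `extraEnv`, where it appears to be a leftover from an Authentik module and is unlikely to be read by the Nextcloud image; either drop it or comment why it is needed. The removal of `sops = true; db = true;` and the `requires = { secrets = [ name ]; databases = [ name ]; }` block is not matched by anything visible in the new `runtime` set, so it is worth checking that the secret and database dependencies are still declared somewhere the builder reads them. `SMTP_NAME`/`SMTP_PASSWORD` are set to the literals `"mail_user"`/`"mail_password"`, which presumably are keys substituted from the secret file by the builder rather than real values; a one-line comment saying so would save the next reader from reading them as hard-coded credentials. The enclosing `let` binding starts before this hunk; the second hunk only re-indents the `cron` entry and closes the set.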
|
||||
|
||||